cybersecurity - gicat · 4 5 introduction cybersecurity cybersecurity is one of the major...

CYBERSECURITY( P R O T E C T - R E S P O N D - A N A L Y S E )

French association oF land and air-land deFence and security industries

in partnership with:

CYBERSECURITY & DIGITAL TRUST

H E X A T R U S T

2 3

editorialANSSI

FreNCH CYBerSeCUritY aGeNCY

our activities are focused on new information and communication technologies that can involve both daily life digital exchanges, and operations of the most critical systems. Whilst these technologies can significantly improve the effectiveness of our systems, they also render them more vulnerable. the number of cyber attacks is growing daily and these attacks are becoming increasingly sophisticated.

in this ever-changing context, aNSSi, the French cybersecurity agency is working with the cybersecurity field actors to develop and promote an industrial offer capable of effectively dealing with all current and future threats.

the French offer incorporates a strong network of innovative companies with internationally recognised expertise and knowledge. this offer is known for the quality, diversity and complementarity of its products and services, and can cover all the needs of French and international companies and administrative organizations.

aNSSi welcomes and supports the work of the French driven industrial cybersecurity branch through a number of recent initiatives including the launch of the France Cybersecurity label, the joint attendance of government and industry representatives to international events, and the structuring of corporate associations. this brochure that showcases several French industrial flagships is another example of the dynamism of this field.

Guillaume Pouparddirector General

ForeWordgIcAt / hex AtruSt

it security threats are a major concern in today’s world. everyday attacks and their consequences are discovered on a daily basis, whether in terms of personal data breaches affecting individuals or the leakage of sensitive information inside companies and administrations.

to counter these threats, GiCat (Groupement des industries de défense et de Sécurité terrestres et aéroterrestres, French land defence and security industry association) and HeXatrUSt (Cybersecurity & digital trust alliance) have decided to join forces, creating a partnership based on the complementary nature of their organisations. Founded by innovative French SMes and start-ups at the forefront in cybersecurity, HeXatrUSt reflects their expertise and know-how in their fields. GiCat reinforces this industrial ecosystem and offers support for exportation through its participation in interna-tional trade fairs and prospecting missions and related services.

this Cybersecurity Capabilities bro-chure presents a network of French companies seeking to develop their international business.

they are all recognised for their know-how and ability to innovate in the fields of information Security Systems, digital trust and Cyber-security. Some have received the FraNCe CYBerSeCUritY laBel, which represents an added guarantee of security and quality.

4 5

iNtrodUCtioN

cYBerSecurItY

Cybersecurity is one of the major priorities of the 21st century and an issue that reaches across borders in our highly connected world. Some 15 billion objects are now connected, and this will reach 50 billion by 2020.

Cybersecurity is an extremely vast field. it concerns governance sectors (defence, national security, and public administrations), vital infrastructures (energy, transport, health care, etc.), the private sector (industries, banks, businesses, services, etc.) and the population at large.

this threat can put any entity at risk, regardless of its sector, size or activity. it is a constant and diffuse threat that can come in many forms: obfuscation, theft, monitoring, abuse and usurpation of rights, data corruption, etc. industrial systems that are interconnected with networks are particularly vulnerable targets. at the global level, the financial stakes represent billions of euros.

1 / the “PreVeNtioN aNd ProteC-tioN” component precedes an incident and lasts throughout the system’s entire lifespan.

this includes aspects such as:• anticipating and foreseeing threats and

vulnerabilities and identifying the risks they represent

• defining architectures and procedures• installing, configuring and maintaining

resources in proper working order• training personnel

this component concerns all products and solutions used to prevent and counter incidents and losses on an infrastructure.

2 / the “deteCtioN aNd reSPoNSe” component allows attacks to be detect-ed and contained.

the goal is:• to detect incidents and losses• to collect and analyse data flows and

behaviours on systems in order to detect an incident if it has not already been reported

• to trigger an adequate response in order to contain the incident

this component concerns all products and solutions used to detect and block incidents and losses on an infrastruc-ture.

3 / the “iNVeStiGatioN aNd reSil-ieNCe” component follows an incident.

the goals of this phase are:• to analyse the incident in order to keep

it from happening again• to gather proof in the event of system

abuse• to enable continuity of service

this component concerns all products and solutions used to minimise the dam-age resulting from incidents and losses, analyse what happened, and restore the initial condition as necessary.

French expertise

France has demonstrated incontestable know-how and expertise in cybersecurity, including aspects such as encryption, smart cards, biometrics, authentication and electromagnetic radiation. French manufacturers have developed and continue to upgrade their products in all of the sub-sectors making up the broad spectrum of cybersecurity.

the Brochure

the purpose of this brochure is to present a range of cybersecurity capabilities based on possible solutions provided by the products and services of the companies belonging to the GiCat security cluster and the HeXatrUSt alliance. these solutions are independent but often complementary and can be selected globally to meet a specific requirement.

in collaboration with research institutes, the companies presented in this brochure, including innovative software publishers, offer a range of products adapted to every operational context and regulatory constraint in the world.

the cybersecurity cycle

the cybersecurity cycle can be broken down into three components:"PreVeNtioN aNd ProteCtioN" ; "deteCtioN aNd reSPoNSe" ; "iNVeStiGatioN aNd reSilieNCe".

1 / PreVeNtioNaNd ProteCtioN

2 / deteCtioNaNd reSPoNSe

3 / iNVeStiGatioNaNd reSilieNCe

Protecting and securing information requires setting up tools, processes and organisation systems that can meet defined availability, confidentiality, integrity and traceability objectives. these actions are broken down into two distinct scopes:• INFRASTRUCTURE PROTECTION for the physical means and the network. this consists in securing the buildings, machines and networks by setting up firewall and antivirus technologies and intrusion detection solutions.• INFOSTRUCTURE PROTECTION or information Protection consists in securing the data and the applications that use them. this scope covers both data security and application security.

the functional breakdown of “cybersecurity” is as follows:

FUNCtioNal BreaKdoWN

IDeNtIFIcAtION AND AutheNtIcAtION

Controlling access to a site is an essential security meas-

ure which ensures the physical protection of the informa-

tion and information system and the authenticity of the

hardware.

to provide these guarantees, these measures must first

include means capable of physically recognising a person or

device; this is the identification aspect. they must then be

capable of verifying their authenticity; this is the authenti-

cation aspect.

in the digital world, as in the physical world, it is essential

to confirm people’s identity and authenticity using means

such as physical identity, biometrics and cryptography, etc.

IDeNtItY AND AcceSS MANAgeMeNt

in our interconnected world, an organisation’s information

assets are a vital resource. the disclosure of digital information

can be a serious blow to an organisation. For any entity that

possesses sensitive information, information traceability and

imputability of actions are major priorities.

the purpose of an identity and access management system

is to control “who has access to what”, such that only author-

ised people or devices have access to the resources (data,

information, etc.) they are allowed to access. the processes

for requesting or revoking rights of access must be managed

continuously and in an audited and controlled manner, in

accordance with the security policy.

DAtA SecurItY

the loss of data due to an incident, whether voluntary or not,

can be catastrophic or even fatal to an entity. the availability

of processed information always needs to be taken into

account when securing an information system.

it is essential that the confidentiality, integrity and traceability

of information be guaranteed, especially through the use of

cryptographic means. an electronic signature allows a person

to commit to data (non-repudiation) and to vouch for the

data’s integrity. it is also important to ensure data integrity in

the long term and to conserve the legal value of digital proof

over time.

encryption tools are used to manage data confidentiality, both

between different people within a company and any time data

is shared, exchanged or stored.

INFrAStructure AND eQuIPMeNt SecurItY

an information system’s infrastructure is a vital element,

and the security of its architecture needs to be ensured by

guaranteeing the confidentiality, availability and integrity of

every brick that makes up the system.

this is achieved by securing the entire system, i.e., every

device and technology, the interconnections and the configu-

ration parameters.

Hidden channels and transmission via interfering signals must

also be taken into account to prevent the leakage of sensitive

information.

cOMMAND AND cONtrOL, DecISION SuPPOrt

Sensitive infostructures require around-the-clock surveil-

lance, 24-7, in order to detect security incidents affecting

the information system.

the tools used for this surveillance need to manage the

activity logging for the system’s components and analyse

the data flows to provide the security teams with informa-

tion. For better detection of complex attacks, they must

also be able to associate related events and provide the

appropriate summary reports.

PrOVIDINg AND cOLLectINg INFOrMAtION

in cyberespace, information is the raw material and repre-

sents a vital resource. Controlling information has there-

fore become a major priority for companies and govern-

ment agencies.

With the growth of data transfer platforms and social net-

works, surveillance of these channels is essential.

the diversity and volume of multilingual information ex-

changed in the digital world means increasingly effective,

high-performance tools are needed to collect, analyse and

provide relevant information with confirmed value.

INVeStIgAtINg AND gAtherINg PrOOF

after a security incident, it is important to investigate what

happened in order to take legal action and/or keep this type of

event from happening again.

the digital investigation must:

• first, ensure the integrity of the digital proof and

that all items of evidence are properly conserved,

• second, analyse this proof which can be complex,

• and lastly, provide an investigation report that can

be understood by non-experts in the field.

AuDItINg, cONSuLtINg, OPerAtIONS

AND trAININg

Guaranteeing the protection of information assets is of

utmost importance. Securing the information system and

keeping it secure over time is an action that every entity

needs to implement.

Given the complexity and diversity of interconnected tech-

nology systems, achieving system security requires experts

well-versed in not only information system security, but also

every technology used to handle information.

these specialists have the necessary qualifications to con-

tain an incident on the system and respond quickly and ef-

fectively in order to limit its impact.

these consultants are able to provide services at every lev-

el: governance, control and design/integration.

every link in the chain of an information system plays a part

in its security, and cybersecurity trainings are essential in

ensuring infostructure security.

6 7

Identi

ficati

on an

d Auth

entic

ation

Identi

ty an

d Acce

ss Man

agem

ent

Comman

d and

Contro

l, Dec

ision S

uppo

rt

Data Se

curit

y

Infras

tructu

re an

d Equ

ipmen

t Secu

rity

Invest

igatin

g and

Gatheri

ng Proo

f

Audit

ing, C

onsul

ting, O

perat

ions a

nd Tr

aining

Providi

ng an

d Coll

ectin

g Info

rmati

on

iMaGe

8 9

CoMPaNY iNdeXFuNctIONAL BreAKDOWN

Identifi

catio

n and

Authentic

ation

Identi

ty an

d Acc

ess M

anag

emen

t

Comman

d and

Contro

l, Dec

ision

Suppo

rt

Data Sec

urity

Infras

tructu

re an

d Equ

ipmen

t Sec

urity

Inves

tigati

ng an

d Gath

ering

Proof

Audit

ing, C

onsul

ting, O

perat

ions a

nd Tra

ining

Providi

ng an

d Coll

ectin

g Infor

mation

Page

air lYNX 10

atoS 11

BertiN 12

BraiNWaVe 13

CoFelY iNeo 14

deNYall 15

erCoM 16

ileX 17

oPeNtrUSt 18

PriM’X teCHNoloGieS 19

riSK & Co 20

SUrYS 21

SYStraN 22

tHaleS 23

tHe GreeN BoW 24

traCiP 25

trUStiNSoFt 26

Vade retro teCHNoloGY 27

WalliX 28

Data Security

Identity and Access Management

Command and Control, Decision Support

CoNtaCtS:atoSrue Jean Jaurès BP 68 78340 leS ClaYeS - FraNCe tel.: +33 (0)1 30 80 35 10Web site : www.atos.net

dan Nizardatos Cybersecurity Sales [email protected]

Manufacturer and supplyer of 4G lte secure private networks dedicated to fixed or nomad professional usage

air-lYNX 4G NoMad aNd SeCUred NetWorK

air-lYNX proposes an innovative solution for a 4G lte private network featuring the four native communication services PMr ( included “Push to talk”, group calls and priority management), video, geopositionning and telephony, required for professional usages. the infrastructure provides a warranted access to the resources and a high data rate transmission.

air-lYNX 4G solution is based on recent lte technology and takes advantage of frequency agility, compact packaging, ease of deployment and international stand-ardization which warrants smooth evolution and long life duration. it incorporates one lte network kernel (ePC), one or several lte base stations (eNodeB), servers associated to the four native services and optional gateways required by customer for interoperability purposes. air-lYNX can also include in its supply, standard or ruggedized mobile devices as smartphones or tablets which could also be secured, as well as the services required for deployment field engineering.Fitting well military or public safety applications, it can be supplied for fixed or mo-bile facilities as well as a transportable version for tactical radio network deployment.

NatiVe SeCUritY SerViCeS:

terminals identification and authentication, mutual authentication between network and terminals

Users identification and authentication,

User and terminal identity confidentiality,

User data confidentiality between terminal and base station (radio channel),

Signalling data confidentiality and integrity between terminal and network kernel,

end to end user data confidentiality (optional),

Built-in event reporting.

CoNtaCtS:air-lYNXimmeuble everest, 1 avenue de l’atlantique91940 leS UliS - FraNCe tel.: +33 (0)9 81 43 46 46 Web site: www.air-lynx.com

Philippe SaeNzPresidentMobile: + 33 (0)6 32 95 03 [email protected]

Infrastructure and Equipment Security

10 11

aHPS (atos High Performance Securi-ty) with SieM (Security information and event Management) and CSirt (Com-puter Security and incident response team) work together to detect and re-mediate security issues, while adding value to your activity.

data protection: sensitive data is perva-sive in your organization and in its ex-changes with the outside world.trustway Proteccio is a general-purpose HSM. it provides hardware protection for keys management and cryptograph-ic operations.trustway VPN protects your sensitive networks and all their endpoints against intruders. it ensures the confidentiality and integrity of iP flows.Globull is an external hard drive with a very high level of security. You can safely carry your sensitive data with you.

atos has provided the entire it for the olympics including all key security ser-vices since 2002 and until at least 2024. the olympics has not had a single business interruption due to an it se-curity incident in the 12 years we have worked with them—this despite the Games being an extremely rich target for hackers.

Hoox: native mobile security. the Hoox phones are designed to provide you with a high level of security. Controlled communication ports, strong authenti-cation, hardware encryption: the entire phone protects your privacy. atos inte-grates Hoox encryption technology and high-performance anti-intrusion protec-tion. the entire safety chain is protected. atos’ evidian identity and access man-agement software protects access to your information system’s resources. it considerably simplifies the manage-ment of authentications and access rights, and delivers single sign-on for PC, web and mobile. as a result, your users are more productive and comply natural-ly with your security policy.

atos Physical Security is an integrated solution that ensures the overall secu-rity of major, sensitive sites. Physical security includes access control, video surveillance and intrusion management, all centralized in a monitoring center. a sensitive site needs to be protected on several levels: access protection, intrud-er sensors, CCtV, perimeter control… even drones. our solution integrates all monitoring data and allows your teams to effectively monitor your sites.

atos manages the entire security process (from consulting to operation) and covers the whole security value chain, from it to operational technologies.

atos is a trusted partner, addressing security specialists as well as general management and business managers.

CoNtaCtS:BraiNWaVe38 - 42 rue Gallieni92600 aSNiereS-SUr-SeiNe FraNCe tel.: +33 (0)1 84 19 04 11www.identityanalyticsintelligence.com

Cyril GollaiNCeoMobile: +33 (0)6 13 78 52 [email protected]

Brainwave is a leader in it fraud, data leakage and cyber espio-nage risk analysis and mitigation.

excessive access rights, removal of access privileges, segregation of duties are the top 3 problems found when external audits are made and are the cause of most fraud and data leaks.Brainwave addresses these issues with an innovative analytics solution. Brainwave identityGrC allows mapping and continuous monitoring of access rights to applica-tions, structured and unstructured data, on premise or in the cloud.

Brainwave brings you 3600 snapshots of your users, their granular permissions and their activities. its patented analytics engine automatically highlights all abnormal situations, thus helping you reduce fraud and data leakage risks.• Analyze applications’ permissions, file shares and physical access• Maintain a full history of the people and their access rights• Comes up with more than 200 analytics and reports out-of-the-box• Provides production ready remediation and access review workflows• Installed in days• Connector less

By using Brainwave, our clients significantly reduce their risks of fraud and data leaks by ensuring that access rights to sensitive information are managed on a need-to-have basis.Brainwave has been named Gartner Cool Vendor 2013 and is distributed through a network of consulting partners across europe, africa, Canada and the US.

the Brainwave solution simplifies identity Governance. installed on top of legacy provisioning systems or as a standalone application, Brainwave enables your organization to achieve sustainable compliance and empow-ers your business people with the tools needed to effectively manage their assets security.

12 13

Business line of Bertin technologies (CNiM Group), Bertin it designs and provides software solutions meeting the highest needs on the fields of cyber security, cyber intelligence and voice recognition.

its offer covers the security of sensitive information systems and critical infrastructures, and the in-depth analysis of open source multimedia and multilingual data for detecting threats and enhancing situational awareness. With its subsidiary Vecsys, specialized in voice technologies, Bertin it also provides solutions and services dedicated to multilingual speech-to-text transcription of audio/video sources, the development of linguistic resources and embedded voice command.

PolyXene®, sensitive information systems & critical infrastructures high security software platformCC-eal 5 certified, PolyXene® relies on more than ten years of close cooperation between Bertin and the French arms procurement agency (dGa) on partitioning classified information and secured exchange of sensitive data issues. PolyXene® natively integrates several security building blocks, including: • partitioning of data and applications of different levels of sensitivity (e.g. public

vs. restricted) on a single workstation (fixed or nomad) ; • role based access control and strong authentication for limiting potential impact

of an intrusion in case of a corrupted session ; • data encryption for fighting against attacks using hidden files or rewriting on

the fly.

WhiteN®, USB threats neutralizerWhiteN® achieves high protection against attacks using removable media (USB peripherals, Cd-rom, smartphones, etc.) with sanitizing and file format verification, as well as whitelisting and filtering peripheral by classes which enables to block any unauthorized device (e.g. malicious devices of the kind of BadUSB). WhiteN® also has partitioning properties that makes it possible to confine the environment being accessed by the peripheral. doing so, even though an attacker succeeds in spoofing an approved device, his possibilities to harm are limited to the corrupted machine.

MediaCentric®, multimedia multilingual open sources in-depth analysis platform an all-in-one solution for anticipation and investigation, MediaCentric® covers a whole monitoring process including the massive collection of multimedia multilingual (Chinese, russian, arabic, Spanish, english…) contents from open sources (Web, tV, radio), the in-depth analysis, the dynamic visualization and the edition of reports for disseminating information.the French armed Forces had acquired two of these platforms for cyber intelligence needs and critical issues.


Data Security

Providing and Collecting Information

CoNtaCtS:BertiN it10 bis avenue ampère78180 Montigny-le-Bretonneux - FraNCe tel.: +33 (0) 1 39 30 60 58Website: www.bertin-it.com

Stéphanie BlaNCHetCommunication / Marketing [email protected]

Data Security


Command and Control, Decision Support

our solutions are designed in order to have the right balance between: • Functionality • Ease of use • Security

data storage securization • On server • On smartphone, mobile terminal • Inside public or private cloud

Communication network securization • Fixed communication network • Wireless network

Security

ease of useFunctionality

Identification and Authentication

Data Security

CoNtaCtS:deNYall6 avenue de la Cristallerie92310 SèVreS - FraNCe tel.: +33 (0)1 46 20 96 00 Fax: +33 (0)1 46 20 96 02Web site: www.denyall.com

Stéphane de Saint albinVP Marketing & Business development tel.: +33 (0)1 46 20 96 [email protected]

denyall is a european software vendor, an expert in Next Generation applica-tion Security. Building on 15 years of experience securing web applications and services, the company keeps on innovating to meet the needs of organizations of all sizes, worldwide.

to fight against modern attacks targeting your it infrastructure, an efficient strate-gy calls for reducing your attack surface, by proactively managing it vulnerabilities, and filtering incoming Web traffic to stop application-layer attacks from accessing your critical back-end servers. the purpose of denyall’s Next Generation application Security products is to help you detect security weaknesses, protect the application layer, safely connect users and manage the process, with a view to improving your security posture over time :

Vulnerability Managementdenyall’s vulnerability scanners help organizations detect the network, system and application layer vulnerabilities which can potentially be exploited by hackers to gain access and steal your data. Based on a shared platform, they meet the needs of audi-tors, it and security teams alike.

Web application Securitydenyall’s web application firewalls (WaF) protect any application accessible via a web browser or mobile app. that include internet-facing transactional web sites (e-Banking, e-Commerce, e-Government, etc) , messaging and collaborative portals, critical databases and web services based communications.

Web access Managementdenyall’s Web access Manager (WaM) helps safely connect users to your web ap-plications, making security easier for them (Web Single Sign on), while strength- ening authentication for protected applications. denyall Client Shield makes sure the browsers connecting to your applications are not the vectors of data leakages.

Security Managementdenyall products provide the ability to centrally manage controls, wherever and whenever they need to be deployed, and to make sense of the data they log, with centralized dashboarding and reporting based on key security indicators. this is es-sential to understanding what happened, after the fact, and improving over time.

Certificationsdenyall is very proud to be one of the companies awarded the ‘France Cybersecurity’ label in January 2015.the French government agency for it security (aNSSi), has issued its ‘Certification de Sécurité de Premier

Niveau - CSPN’ to both denyall rWeb and BeeWare i-Suite in June 2013 and September 2014, respectively. in the Gartner’s first Magic Quadrant for WaFs, published in June 2014, denyall is very well positioned in terms of “completeness of vision”, thanks to its innovation in security.

14 15

as a major player in electrical engineering, information and communication systems, and related services, Cofely ineo provides its public and private customers with over-all solutions from design to operational and security maintenance.Cofely ineo brings solutions to secure infrastructure related to industrial systems, information systems, and mobile network.

ensuring data security in cyberspaceour offers are built from proven and qualified technology used by the French authorities. they bring protection for data in terms of confidentiality, integrity, availability and traceability.our solutions provide this security level for both data storage and data transport.

insure the security of the infrastructurein order to respect defense in depth principle, our security experts design secure architectures. those architectures are consistent with the state of the art, from design to secure maintenance.

in addition, the knowledge and experience of Cofely ineo in signals intelligence, allow us to propose solutions for protection of electronic and computer systems against compromising emanations.

Cybersecurity servicesour teams of experts in cybersecurity are able to provide services in organizational, architecture and system audits.to ensure systems maintenance in secure conditions, we are also able to provide vulnerability monitoring and impact analysis.

CoNtaCtS:CoFelY iNeo1 place des degrès92059 Paris la défense Cedex - FraNCe tel.: +33 (0)1 57 60 42 00Fax: +33 (0)1 57 60 42 01Web site: www.cofelyineo-gdfsuez.com

Josyane loUrdiNineo Cyber Sécurité Mobile: +33 (0)6 84 61 67 [email protected]


Data Security

Auditing, Consulting, Operations and Training

Cryptosmart solution prevents against all the threats mobile workers may encounter: lost or stolen ter minals, eavesdropping and intrusion on handsets on best-in-class Smartphones, tablets and PC.

Cryptosmart secures mobile phones for all communications (voice, data, mail, SMS) and on all networks (GPrS, edGe, 3G, HSdPa, lte™, Wi-Fi®, Satellite, etc). We guarantee to our users the confidentiality of their data and voice exchanges as well as a user-friendly solution.Cryptosmart includes a set of security software and a patented encryption technolo-gy embedded in a fully secured smartcard. indeed, the Cryptosmart applet certified eal4+ is enclosed in a eal5+ smartcard. the Cryptosmart solution is certified French and Nato restricted Product.the solution secures all data flows (emails, intranet/internet accesses, business applications…) and enables both encrypted-clear and encrypted-encrypted voice communications.Cryptosmart is already used by numerous governmental entities and sensitive cor-porations.

CoNtaCtS:erCoM6 rue dewoitine Bâtiment émeraude78140, VélizY-VillaCoUBlaY FraNCe tel.: +33 (0)1 39 46 50 50 Web site: www.ercom.com email: [email protected]

P Security for mobile, fixed and satellite networks

P Security of data stored on Smartphones and tablets

P Secure voice

P Secure SMS

P Mail & intranet security

P Secure internet access

P Strong authentification

P France & otaN restricted

P Customer cryptographic independence

P information system access control

Strong security for mobile communications (voice and data) on best-in-class Smartphones and tablets.



Data Security

ilex international is a software provider specialising in identity & access Management solutions (iaM).

Provider to most of the blue chip companies, throughout the past 25 years, the com-pany has developed proven expertise in both data access control and identity and rights management.

ilex international’s solutions are business-oriented and

meet the requirements of all companies and organizations focused on the secu-rity of their information system, in France and worldwide.

overtime ilex international has built a strong and reliable network of specialised partners.Whether they are market leaders or highly specialised consulting firms with strong expertise in it security, they pro-vide customers with complementary software or high level consulting and integration services. this allows ilex in-ternational to offer, in addition to its iaM and CMS (Card Management System) product line, a large range of best of breed well integrated complementary solutions as well as appropriate local and global support throughout the world.

ilex international’s offering is centred on 4 products:• Sign&go : Strong authentication, access control, global SSo (WaM and enterprise SSo) and identity federation solution.• Meibo : identity and rights management, business workflows and user provisioning solution • Meibo People Pack : a packaged solu-tion for managing user’s lifecycles and their rights within the organisation• iden Park : deployment of authenti-cation devices (smartcards, USB keys, badges) and management of their lifecycles

the success of identity and access management projects is based on the quality of the solutions as well as the ability to provide personalised and highly competent professional services. ilex in-ternational makes it a priority to provide outstanding consulting, training, and sup-port to their customers and partners and to ensure that their needs are properly met throughout the project life cycle.the company is a founder member of the Hexatrust association.

identity Management

access Management

authentication device Management



CoNtaCtS:ileX iNterNatioNal51 boulevard Voltaire92600 aSNièreS-SUr-SeiNeFraNCe tel.: +33 (0)1 46 88 03 40 Fax: +33 (0)1 46 88 03 41Web site: www.ilex-international.com

thierry BettiNiSales director / Sales department [email protected]

16 17

opentrust is a leading provider of trusted identity-based solutions for protecting credentials, data and transactions. We are also an internationally recognized Certification authority.

opentrust’s two major product lines are available as a cloud service or under a software license:

trusted identities, afeaturing strong authentication and certificate lifecycle management for any type of media or device (PC, smartphone, tablet, badge, token)

trusted documents and transactions, featuring digital signatures, confidentiality and proof management.

every day, millions of people around the world use opentrust technologies with their corporate badges, their passports, when signing contracts, insurance policies, loans, rental agreements, and more, both on-line and in person.

opentrust operates in europe, the Middle east and the USa through a network of local resellers.

Find out more at: www.opentrust.com



Data Security

CoNtaCtS:oPeNtrUSt175 rue Jean-Jacques rousseau92138 iSSY-leS-MoUliNeaUX CedexFraNCetel.: +33 (0)1 55 64 22 00 Fax: +33 (0)1 55 64 22 01Web site: www.opentrust.com Caroline droBiNSKi Marketing & Communication Manager Mobile: +33 (0)6 89 72 69 41 [email protected]

Prim’X is a developer of data encryption software for it systems.

Prim’X technologies develops encryption solutions to effectively prohibit unauthor-ized access to sensitive information whether local or remote, stored or exchanged.

the encryption solutions developed by Prim’X ensure encryption of data wherev-er they may be stored - internally on workstations or servers and externally on da-ta-sharing servers – and encryption of information exchanges (e-mails, file attach-ments, portable devices, etc.).Prim’X solutions guarantee data access ubiquity for users, in particular for roaming users by way of encryption applications dedicated to mobile terminals and/or their partners.With these solutions it is possible to set up cryptographic partitioning of data be-tween users, and to prohibit unauthorised access to data by third parties (technical personnel, Cloud service providers, etc.). Prim’X is a driver of innovation and is continually developing its products so that they remain perfectly suited to the needs of users. Mobility and data security in the Cloud are the key concerns of the Prim’X development lab.

Main Prim’X encryption software:

zoneCentral Protection of files stored on workstations, peripherals and servers

Cryhod Protection of mobile workstations with pre-boot authentication and full-disk encryption

zonePoint encryption of data shared on MS SharePoint and encrypted document securitye

zed! encrypted containers for data archiving or email exchange (free reader available for all operating systems and platforms on http://www.zedencrypt.com)

zedMail email confidentiality through end-to-end encryption with password or certificate authentication

Data Security

Certifications : Prim’X regularly gets its encryption software certified at CC eal3+ level and qualified at Standard level with the aNSSi (French national agency for infor-mation system security). zoneCentral, zonePoint, zed! and Cryhod have all obtained these certifications. they have also received Nato-restricted and eU-restricted protection approval and “France Cybersecurity” labels for its products.

CoNtaCtS:PriM’X teCHNoloGieS117 avenue Victor Hugo 92100 BoUloGNe BillaNCoUrt FraNCe tel.: +33 (0)1 77 72 64 82 Web site: www.primx.eu

Nicolas Bachelier Sales directorMobile: +33 (0)6 60 40 38 [email protected]

18 19

launched in 1994, riSK&Co is a european engineering and risk intelligence group. our areas of expertise are critical infrastructure projects and crisis areas.Present in over 30 countries, we are leaders in all issues involving sovereign indus-tries (energy, defence, telecommunications, …) and sensitive infrastructure projects in dangerous environments. risk&Co, through its subsidiary risk&Co Solutions carries out tasks of cyber security critical environments at both the SCada systems and management information levels.

our actions:Cyber Security Consulting/Forensicsintegration of cyber security in complex projects: P assistance to formalize cyber security requirements P development of cyber security specifications P Cyber security awareness sessionsrisk assessments & basic engineering expertise: P initial identification of cyber security risks P early-stage design of security architectures P Security review of network or application designson-call expertise throughout the lifecycle: P Management awareness notes related to cyber security P technical notes for specific topics of expertise P design of use-cases of SieM solutions

technical audits & penetration testingPenetration testing P Methodology: Simulation of attacks against a given target in order to identify

its vulnerabilities and highlight their impact, using the same tools and technics as real attackers.

P typical targets: internet access, Web applications, internal networks P deliverables: audit report describing the methodology, the vulnerabilities identi-

fied, their consequences and the associated recommendations P Variants: With or without user account or information on the target, depending

on the scenario to evaluateWhite-box reviews: P Methodology: Comprehensive study through a review of the configuration,

procedures, documents, or interviews P typical targets: Firewalls, high-criticality servers, admin practices P deliverables: audit report describing the methodology, the vulnerabilities identi-

fied, their consequences and the associated recommendations

Security software engineering Secure protocols: P design of secure communication protocols and cryptosystems P Study of the security of existing protocols P Securing of existing protocols design and development of security software P design and implementation of customized encryption applications P implementation of encryption and security librariesoff-the-shelf products: P SecureBooks: a secure document distribution solution for iPhone/iPad P Simp: an instant messaging encryption solution P Sereos: a secure mini-cloud infrastructure

CoNtaCtS:riSK&Co38, rue Jacques ibertCS 9051992300 leValloiS Perret FraNCe tel.: +33 (0)1 55 24 23 22email: [email protected] site: www.riskeco.com

Bruno delaMottePresident

Investigating and Gathering Proof



CoNtaCtS :SUrYS(the new name for Hologram.industries)22 avenue de l’europe, 77600 BUSSY SaiNt GeorGeS FraNCetél.: +33 (0)1 64 76 31 00Site web : www.surys.com

Corinne MUrCia GiUdiCellidirector, Marketing,Sales & Customer [email protected]




20 21

authentication and traceability of people, critical components and immaterial content

SUrYS is a world leader in the development, production and marketing of optical and digital systems for protection of high security documents against fraud and counterfeiting.SUrYS covers various aspects of material and immaterial security. three main ac-tivities predominate: authentication of identity documents, through our subsidiary Keesing technologies which manages the world’s largest database of id document security features; fight against counterfeiting of components of sensitive equipment through optical Smart™ solutions; search of sensitive contents on the internet thanks to advestiSearch™ authorities products and services.

authentication and identification:With documentchecker™ and authentiscan™, SUrYS offers solutions for iden-tity document control, from a fixed or mobile unit, that determine unambiguously whether the identity document submitted by the applicant is genuine. this software compares the model tested with our Keesing references Systems™ database which contains over 20,000 images of more than 3,000 identity documents of nearly 200 countries and organizations.

Security of Critical Components:anti-counterfeiting systems optokey™ and drop™ are dedicated to check the in-tegrity of support and data linked to the physical components. they consist in la-bels applied to various objects guaranteeing their tamper evidence and traceability, automatically authenticated with specific Smartphone apps. deployed on standard Smartphones, they can be used by non-trained people.

data Collection:advestiSearch™ authorities product line, currently used by major actors like French Gendarmerie, allows to search for audiovisual and textual content by similarity on the internet. From reference content, the system is able to identify low intensity signal, for instance an image or some seconds of a soundtrack embedded in a large Youtube video stream. they can be tracked and their source identified for diffusion control or investigation.

automated authentication and traceability of sensitive components

online sensitive data collection

automated authentication of id documents



intelligent language technologies

in today’s digital world, businesses or defense and security organizations are over-whelmed with massive amounts of data which tend to be more and more non-english. the lack of linguistic skills and expertise, especially in Middle eastern languages, and the variety of sources and formats (text, audio, video, image) are the other major chal-lenges they need to overcome in order to fight efficiently against cyber criminality.

For over four decades, SYStraN has been the market leader in language-translation products and solutions. With the ability to facilitate communication in 130+ language combinations, SYStraN is the leading choice of global companies, defense and secu-rity organizations or public agencies, enabling them to quickly understand and process large volumes of multilingual content.

ensure information security in your translation processesBy providing a centralized translation server directly on site, SYStraN offers fully se-cure, real-time automated translation regardless of the document formats. all sensitive information stay secure because your data and translations never leave your network, thus preventing data leakage.

Quickly translate large volumes of contentSYStraN’s high performance and scalable architecture delivers fast translations, al-lowing you more time to spot and analyze critical information.

reduce translation coststhe use of automated language identification and automated machine translation dra-matically reduces the need for human translation, therefore lowering costs.

Make your electronic investigations smarterSYStraN’s linguistic development Kit enables you to get all your multilingual Big data in a searchable and manageable form. taken separately, each module is an effi-cient tool for processing language, documents or names. Combining them, you benefit from powerful multilingual capabilities for data mining or semantic search solutions. the key linguistic libraries, listed below, are available in all the 45+ languages support-

ed by SYStraN.

SYStraN language technologies let you utilize and analyze both structured and un-structured multilingual content, such as user-generated content, social media, Web content and more. to help you manage even more document formats, oCr (optical character recognition) and aSr technologies can easily be integrated with SYStraN.

• Document Filtering • Language Identification • Segmentation and Tokenisation • Language Normalisation • Document Classification • Named Entity Recognition

• Dictionary • Morphological analysis • Syntactic Analysis • Transliteration • Word Sense Disambiguation

Data Security



thales is a global leader in cryptographic security products and solutions for critical government and defence infrastructure, satellite networks, enterprise customers and the financial services industry. thales’s unique positioning in the marketplace derives from its ability to address every link in the security chain and deliver end-to-end solutions.

as of January 2015, there were approximately three billion internet users in the world and more than 1.2 billion websites. the internet has grown exponentially and so have the number of cyberattacks. information systems and the internet play such a prominent role in government and business — and in people’s day-to-day lives — that they are critical to a country’s economic performance and national security. today, cybersecurity has become an existential challenge for governments, essential operators and businesses in every sector.

thales expertise in cyberspace

With a presence throughout the entire security chain, thales offers a comprehensive set of solutions and services ranging from security consulting, intrusion testing and architecture design to system certification and the development and lifecycle management of products and services.

thales provides the it solutions and human resources needed to protect information systems and to monitor, detect, analyse, visualise and counter all types of current and future cyberattacks, including virus attacks, disinformation, denial-of-service attacks, destabilisation, data destruction, defacement and theft.

Cybersecurity is an integral part of the thales offering for the aerospace, transportation, defence and Security sectors and is central to the company’s role in the defence- Security Continuum.

By choosing thales, you benefit from: • A team of 5,000 critical it engineers with 1,500 experts in cybersecurity • A partner with more than 40 years of experience protecting classified information

up to the top Secret level • A global actor with products and solutions deployed in more than 50 countries • A reliable service provider with experience operating and monitoring the critical

information systems of over 100 customers

our clients include: • 19 of the 20 largest global banks • 4 of the 5 largest oil companies • 27 Nato country members

Critical information Systems and Cybersecurity, thales www.thalesgroup.com/cic

CoNtaCtS:SYStraN5 rue Feydeau - 75005 PariS - FraNCe tel.: +33 (0)1 44 82 49 00Fax: +33 (0)1 44 82 49 01Website: www.systransoft.com

emmanuel toNNelierSenior account Manager, eMeadefense & SecurityMobile: +33 (0)6 67 40 03 [email protected]

CoNtaCtS:Critical information Systems and Cybersecurity, thales

www.thalesgroup.com/cic

22 23



CoNtaCtS:tHeGreeNBoW28 rue de Caumartin 75009 PariS - FraNCe tel.: +33 (0)1 43 12 39 37Fax: +33 (0)1 43 12 55 44Web site: www.thegreenbow.com

Sales [email protected]

theGreenBow is a French Cybersecurity Software company pro-viding off-the-shelf data encryption solutions for personal comput-ers and mobile platforms.located in Paris/France since 1998, theGreenBow has acquired a unique skill set in building user friendly encryption tools combining the highest level of security and unequalled ease-of-use. theGreenBow security solutions are appreciated by a large community of users worldwide and are renowned for their solid implementation, their reliability and for their ergonomic user interfaces. theGreenBow provides Software solutions for secure Network communications (VPN) and email privacy (email encryp-tion). With over one million licenses distributed worldwide, 70% of sales in export, over 15 years of experience in building cryptographic Software for privacy protection in a B2B market and the recent achievement of Common Criteria eal3+ Certification, theGreenBow is a leading provider of trusted and scalable security solutions suitable for SMes, large accounts, Critical infrastructures, Government and civil administra-tions, … theGreenBow is a founding member of Hexatrust, member of the competi-tive cluster « Pôle Systematic » and contributor to the Government Plan for strategic development in key areas (Nouvelle France industrielle).

VPN Clientreliable and secure remote connectionsMulti-protocol support (iPsec & tlS), compatible with virtually all VPN Gateway, pro-viding reliable fast and highly secure VPN connections over any type of Network, theGreenBow VPN Client is the ideal solution for secure remote Network access.

Premium VPN ClientScalable, and designed for seamless integration with corporate it infrastructuresCompatible with any PKi, simple and quick integration with existing it infrastructures, built-in facilities for large-scale deployment - theGreenBow Premium VPN Client is de-signed for integration within large corporate Networks (government administrations, critical infrastructures, and large enterprises).

Certified VPN Client Certified and audited government grade VPN theGreenBow certified VPN client is the first VPN client worldwide to achieve Com-mon Criteria eal3+ certification as well as Nato end eU restricted qualification.

android VPN Client Secure VPN for tablets and SmartphonestheGreenBow android VPN Client extends the range of professional solutions provid-ed by theGreenBow for secure remote connections.

CryptoMailerUniversal email privacy true end-to-end email encryption, making email privacy a user-friendy and painless experience. integrated with major email clients (outlook, thunderbird, livemail, ..) and compatible with virtually any existing email system and Webmail and any operating system. truly revolutionary.

With more than 20 years of experience, traCiP is a french com-pany that pioneered data recovery and Computer Forensics Services in France.

Working daily on cases, traCiP is the leading French data recovery & digital investi-gation laboratory and a leading provider in Consulting, equipment & training for Corpo-rations and Government agencies.

our customers are large Corporations, law enforcement and Government agencies, regulation authorities… which trust traCiP to support them in their fight against Cy-ber criminality.

We offer services, equipment and training to law enforcement agencies and Corporations, including:

Creation of Customized turnkey digital Forensic and data recovery laboratories

Consulting for in-house digital investigation

data recovery, Computer Forensic and Cybersecurity trainings

Mobil’it® : traCiP is the designer and manufacturer of the first forensic mobile laboratory with data recovery and digital Forensic capabilities built for field investigation

Data Security



CoNtaCtS:traCiP6 rue robert Schumanza le Breuil54850 MeSSeiN - FraNCe tel.: +33 (0)3 83 50 54 63 Fax: +33 (0)9 70 06 31 45email: [email protected] site: www.tracip.fr

Forensics Services & Technologies

24 25


Data Security

always more low-priority emails… take back control over your emails.

the issue is no longer spam, which is now well regulated by most anti-spam solutions on the market.

the problem has shifted to low-priority emails, called graymail. the proportion that graymail occupies in the global mail volume has reached 50% in professional mailboxes. there is of course a solution to the problem, but it is tedious – deleting these emails every day and unsubscribing from them manually.

advertisement emails and other notifications are not spam. However, 82% of users see them as a nuisance and have indicated their dissatisfaction with their email filter solutions (Gartner Magic Quadrant 2013).

Spare your employees the daily graymail cleanup. Vade retro technology’s filter solution does not compromise on security, protecting you from spam, phishing and viruses thanks to an innovative heuristic technology.

associating automatic classification of low-priority emails with safe unsubscription from newsletters in 1 click, the Vade retro solution offers a global, simple and effective response to your expectations: more productivity and control over your mail.

the heuristic filter: the security layer. Fast and accurate, email scans do not require connections to external services. the filter is operational immediately after installation and is

effective against waves of targeted attacks.

automatic graymail classification.emails are sorted by their nature: person-to-person, advertisement, news-letter, social network notification, etc. We classify your emails according to

your filter policy and strategy.

Safe unsubscribe in 1 click. the process takes place in real time and delivers results in 1.4 seconds with a success rate of 84%.the procedure is identified during the filtering phase and supports all

unsubscription methods

the solution adapts to your needs and infrastructure.the solution runs independently from your mail client. available through a virtual or physical gateway, a cloud service and a development kit SdK.

CoNtaCtS:Vade retro teCHNoloGY3 av antoine Pinay,Parc d’activités des 4 vents 59510 HeM - FraNCe tel.: +33 (0)3 28 32 80 44Web site: www.vade-retro.com

Grégoire lePoUtreVP Sales & Strategic [email protected]

26 27

CoNtaCtS:trUStiNSoFt86 rue de Paris 91400 orSaY - FraNCe tel.: +33 (0)9 70 44 75 87Web site: www.trust-in-soft.com

Fabrice derePaSCeoMobile: +33 (0)6 51 70 36 [email protected]

trustinSoft is the only software vendor able to assess safety and security of software without the need to change software devel-opment process.

trustinSoft sells tools and services to analyze source code. trustinSoft unique value proposal is to bring guarantees on the behavior of software. trustinSoft solutions are currently in use for software designers or integrators in the following domains: aeronautics, military, energy, telecom, space, railways.

trustinSoft proposes the following tools and services:

trustinSoft analyzer, the award winning software analysis tools allow-ing to mathematically guarantee the conformity to a specification or

the absence of flaws in software.

trustinSoft advances software audits, a service in which trustin-Soft experts uses trustinSoft analyzer on the customer’s software.

this service enables to get guarantees on the analyzed software.

trustinSoft expertise, a service of expertise to help customers use and deploy trustinSoft analyzer. it consists of training sessions, meth-

odological help or event design of dedicated trustinSoft analyzer plugins.


Data Security


at WalliX our mission is empowering your organisation to con-fidently give the right people access to the right it systems. our approach to security isn’t just blocking access but giving you the freedom and visibility to keep your staff, service providers and contractors working securely and effectively.

WalliX engineers software solutions that give our customers all over the world a better way to manage and secure access to it infrastructure for privileged users. Creating a single gateway with single sign-on for access by members of internal it teams or third party service providers.

access rights and passwords to servers, appliances and other devices can all be han-dled in a single console, helping to manage it team turnover and ensure that critical servers are only accessed by the people you’ve approved. and we take you beyond event logging by letting you monitor and capture session activity in real-time.

WalliX adminBastion (WaB) is developed and maintained by our experienced in-house team. and we keep usability at the heart of our philosophy. the WaB is engineered as a non-intrusive and agentless technology making it simple for you to configure, operate and administer day to day. No software is required on either the client or target devices.

We’re growing fast, supported by a global network of certified partners and val-ue-added resellers across eMea, CiS, aPaC and North america. our honesty and commitment to supporting our customers is why more than 200 organisations worldwide choose WalliX. We offer the best solution and value from a company that’s easy to work with.

Wallix adminBastion is a solution to help your organisation manage and monitor users who have privileged access to it infrastructure, including servers, business ap-plications and other devices.

adminBastion is able to monitor activity on systems of any operating system in real time, give immediate access to video recordings of these sessions as well as compre-hensive auditing to help you meet compliance requirements.

our solution creates a single gateway with single sign-on for access by members of internal it teams or third party service providers. access rights and passwords to servers and other devices can be handled in a single console helping to manage it team turnover and ensure that critical servers cannot be accessed by individuals no longer authorised to do so.it provides records and audit trails to demonstrate optimised compliance with appli-cable standards (iSo2700, PCi dSS, etc.).

CoNtaCtS:WalliX250 bis rue du Faubourg-Saint-Honoré 75008 PariS - FraNCe tel.: +33 (0)1 70 36 37 51Fax: +33 (0)1 43 87 68 38Web site: www.wallix.com

François laCaS Marketing directorMobile: +33 (0)6 63 65 72 [email protected]

Data Security



traceability

Privileged account Session Management

Password Management

28 29

GiCat (Groupement Professionnel des industries Fran-

çaises de défense et Sécurité terrestres et aéroterrestres,

French land defence and security industry association)

represents 200 companies including industrial contractors,

system manufacturers, integrators, and equipment manu-

facturers covering a broad spectrum of industrial, research,

service and consulting activities. GiCat promotes the

interests of the profession and works actively to support

its members, particularly SMes, in the international arena.

the association also develops important ties with insti-

tutional and private players in the French security sector.

GiCat also offers a number of exportation support servic-

es for its members, such as watch for international calls to

tender, country information folders, Business to Business

meetings, visits with delegations and authorities, partic-

ipation in specialised trade fairs and thematic seminars.

Forensics Services & Technologies

30 31

SecurItY OFFer

des

ign

and

Prod

uctio

n: a

genc

e Ke

rver

t

French land defence and security industry association

3 avenue Hoche75008 Paris - FraNCe

tel.: +33 (0)1 44 14 58 20

www.gicat.com

250 bis rue du Faubourg-Saint-Honoré75008 Paris - FraNCe

tel.: +33 (0)1 70 36 37 66

www.hexatrust.com

CYBERSECURITY & DIGITAL TRUST

H E X A T R U S T

in partnership with:

cybersecurity - gicat · 4 5 introduction cybersecurity cybersecurity is one of the major...

Documents